High severity8.8NVD Advisory· Published Oct 1, 2009· Updated Apr 23, 2026

CVE-2009-3520

Description

Cross-site request forgery (CSRF) vulnerability in the Your_account module in CMSphp 0.21 allows remote attackers to hijack the authentication of administrators for requests that change an administrator password via the pseudo, pwd, and uid parameters in an admin_info_user_verif action.

Affected products

Cmsphp Project/Cmsphp
cpe:2.3:a:cmsphp_project:cmsphp:0.21:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.org/0909-exploits/cmsphp-xsrf.txtnvdBroken LinkExploit
secunia.com/advisories/36075nvdBroken LinkVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000